Security

(public)

User Story

+++ This bug was initially created as a clone of Bug #664284 +++
Our proposal was to use the "connect" CSP directive to control what servers websockets (and XHR) are allowed to connect to. We should implement this proposal.